The new Cybersecurity Act places clear requirements on towns and cities. However, many local governments face the same problem today: they know they must address the cyber protection of their PV systems, but they lack clear instructions on how to do so in practice.
This is why the Guardexy team has been actively participating in professional conferences, seminars, and meetings with representatives of municipalities, cities, regions, and energy managers over recent weeks. The goal was to be available on-site, answer specific questions, and explain what the new law actually means for the operation of municipal photovoltaic power plants.
The legal obligation is clear. Information is scarce.
New legislation transfers responsibility for cyber risks directly to municipal authorities—not only in the field of IT but also for so-called operational technology (OT). This includes photovoltaic power plants, their remote control, and building energy systems.
In recent months, municipal representatives have turned to the National Cyber and Information Security Agency with hundreds of inquiries. However, the agency repeatedly points out that it lacks the capacity to provide individual advice to all local governments. The result is uncertainty: what is an obligation, what is a recommendation, and which measures make sense in actual municipal operations.
Thousands of data points daily. Municipalities often have no idea from where or why
Photovoltaic power plants on municipal buildings now communicate continuously with their surroundings. Every day, thousands of digital data points and control commands enter and leave the inverters, often directed toward the foreign servers of technology manufacturers. “Personally, I was very surprised by the amount of data sent to the manufacturer’s cloud. I view it negatively how much data we hand over without the possibility of consent or configuration,” describes Svetozár Nosko, a member of the Guardexy development team, regarding his experience.
Practice shows that municipalities:
- lack an overview of how much data their PV system processes daily,
- do not know where commands come from or where data goes,
- and lack a simple tool to control this communication.
Guardexy: Explaining, not scaring
At meetings with municipalities, the same question was repeated: How to meet legal requirements proportionately, without interfering with electricity production and without building complex infrastructure?
Guardexy representatives presented a practical perspective on the cybersecurity of municipal PV systems, without technical jargon or unnecessary fearmongering. Emphasis was placed on prevention, communication monitoring, and the ability to prove that the municipality truly has its technology under control. Using the example of Němčičky in South Moravia, municipal representatives could see the system for filtering digital packets entering the inverters and how they can be filtered and audited.
Municipal energy is now critical infrastructure
Municipal PV systems are gradually becoming part of critical infrastructure, much like street lighting, water supply, or the authority’s IT systems. And just like those, security is not a luxury, but a basic prerequisite for stable operation.
Practical experience shows that cyber protection can function as an independent security layer between the PV inverter and the network. It monitors communication, filters non-standard commands, and creates an audit trail in case of inspection.
The open debate continues
Interest from municipalities, specific inquiries, and open discussions confirm that the topic of PV cybersecurity is timely and practical. Guardexy will therefore continue its dialogue with local governments at professional events and through direct cooperation with municipalities that want to keep their energy infrastructure under control and in compliance with the law.
Insert Heading Text Here
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.